Change Id to be received as string instead of decoded

Regenhardt · Regenhardt · commit 71291eb21c40 · 2024-12-30T01:06:59.000+01:00
RawId is decoded to the raw byte value, while Id is the same value in base64url-encoded form. passwordless-lib#513
diff --git a/BlazorWasmDemo/Server/Controllers/UserController.cs b/BlazorWasmDemo/Server/Controllers/UserController.cs
@@ -268,7 +268,7 @@ public async Task<string> MakeAssertionAsync([FromBody] AuthenticatorAssertionRa
             _pendingAssertions.Remove(key);
 
             // 2. Get registered credential from database
-            var creds = _demoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
+            var creds = _demoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");
 
             // 3. Make the assertion
             var res = await _fido2.MakeAssertionAsync(
diff --git a/Demo/Controller.cs b/Demo/Controller.cs
@@ -192,7 +192,7 @@ public async Task<JsonResult> MakeAssertion([FromBody] AuthenticatorAssertionRaw
             var options = AssertionOptions.FromJson(jsonOptions);
 
             // 2. Get registered credential from database
-            var creds = DemoStorage.GetCredentialById(clientResponse.Id) ?? throw new Exception("Unknown credentials");
+            var creds = DemoStorage.GetCredentialById(clientResponse.RawId) ?? throw new Exception("Unknown credentials");
 
             // 3. Get credential counter from database
             var storedCounter = creds.SignCount;
diff --git a/Demo/TestController.cs b/Demo/TestController.cs
@@ -154,7 +154,7 @@ public async Task<JsonResult> MakeAssertionTestAsync([FromBody] AuthenticatorAss
         var options = AssertionOptions.FromJson(jsonOptions);
 
         // 2. Get registered credential from database
-        var creds = _demoStorage.GetCredentialById(clientResponse.Id);
+        var creds = _demoStorage.GetCredentialById(clientResponse.RawId);
 
         // 3. Get credential counter from database
         var storedCounter = creds.SignCount;
diff --git a/Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs b/Src/Fido2.Models/AuthenticatorAssertionRawResponse.cs
@@ -11,9 +11,8 @@ namespace Fido2NetLib;
 /// </summary>
 public class AuthenticatorAssertionRawResponse
 {
-    [JsonConverter(typeof(Base64UrlConverter))]
     [JsonPropertyName("id")]
-    public byte[] Id { get; set; }
+    public string Id { get; set; }
 
     // might be wrong to base64url encode this...
     [JsonConverter(typeof(Base64UrlConverter))]
diff --git a/Src/Fido2/AuthenticatorAssertionResponse.cs b/Src/Fido2/AuthenticatorAssertionResponse.cs
@@ -78,7 +78,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
         if (options.AllowCredentials != null && options.AllowCredentials.Any())
         {
             // might need to transform x.Id and raw.id as described in https://www.w3.org/TR/webauthn/#publickeycredential
-            if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.Id)))
+            if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.RawId)))
                 throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.CredentialIdNotInAllowedCredentials);
         }
 
@@ -88,7 +88,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
             if (UserHandle.Length is 0)
                 throw new Fido2VerificationException(Fido2ErrorMessages.UserHandleIsEmpty);
 
-            if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken) is false)
+            if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.RawId, UserHandle), cancellationToken) is false)
             {
                 throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.UserHandleNotOwnerOfPublicKey);
             }
@@ -177,7 +177,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(
         return new VerifyAssertionResult
         {
             Status = "ok",
-            CredentialId = Raw.Id,
+            CredentialId = Raw.RawId,
             SignCount = authData.SignCount,
             IsBackedUp = authData.IsBackedUp,
             DevicePublicKey = devicePublicKeyResult,
diff --git a/Test/AuthenticatorResponse.cs b/Test/AuthenticatorResponse.cs
@@ -1232,7 +1232,7 @@ public void TestAuthenticatorAssertionRawResponse()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1258,7 +1258,7 @@ public void TestAuthenticatorAssertionRawResponse()
             }
         };
         Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);
-        Assert.Equal([0xf1, 0xd0], assertionResponse.Id);
+        Assert.Equal("8dA", assertionResponse.Id);
         Assert.Equal([0xf1, 0xd0], assertionResponse.RawId);
         Assert.Equal([0xf1, 0xd0], assertionResponse.Response.AuthenticatorData);
         Assert.Equal([0xf1, 0xd0], assertionResponse.Response.Signature);
@@ -1308,7 +1308,7 @@ public async Task TestAuthenticatorAssertionTypeNotPublicKey()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.Invalid,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1446,7 +1446,7 @@ public async Task TestAuthenticatorAssertionRawIdMissing()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
                 AppID = false,
@@ -1514,7 +1514,7 @@ public async Task TestAuthenticatorAssertionUserHandleEmpty()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1583,7 +1583,7 @@ public async Task TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1652,7 +1652,7 @@ public async Task TestAuthenticatorAssertionTypeNotWebAuthnGet()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1723,7 +1723,7 @@ public async Task TestAuthenticatorAssertionAppId()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1793,7 +1793,7 @@ public async Task TestAuthenticatorAssertionInvalidRpIdHash()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -1864,7 +1864,7 @@ public async Task TestAuthenticatorAssertionUPRequirementNotMet()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -1934,7 +1934,7 @@ public async Task TestAuthenticatorAssertionUVPolicyNotMet()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2002,7 +2002,7 @@ public async Task TestAuthenticatorAssertionBEPolicyRequired()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -2071,7 +2071,7 @@ public async Task TestAuthenticatorAssertionBEPolicyDisallow()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2140,7 +2140,7 @@ public async Task TestAuthenticatorAssertionBSPolicyRequired()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2209,7 +2209,7 @@ public async Task TestAuthenticatorAssertionBSPolicyDisallow()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
             {
@@ -2279,7 +2279,7 @@ public async Task TestAuthenticatorAssertionStoredPublicKeyMissing()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -2348,7 +2348,7 @@ public async Task TestAuthenticatorAssertionInvalidSignature()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
@@ -2424,7 +2424,7 @@ public async Task TestAuthenticatorAssertionSignCountSignature()
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs()
             {
diff --git a/Test/ExistingU2fRegistrationDataTests.cs b/Test/ExistingU2fRegistrationDataTests.cs
@@ -13,7 +13,8 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
     {
         // u2f registration with appId
         var appId = "https://localhost:44336";
-        var keyHandleData = Base64Url.Decode("2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw");
+        var keyHandleB64Data = "2uzGTqu9XGoDQpRBhkv3qDYWzEEZrDjOHT94fHe3J9VXl6KpaY6jL1C4gCAVSBCWZejOn-EYSyXfiG7RDQqgKw";
+        var keyHandleData = Base64Url.Decode(keyHandleB64Data);
         var publicKeyData = Base64Url.Decode("BEKJkJiDzo8wlrYbAHmyz5a5vShbkStO58ZO7F-hy4fvBp6TowCZoV2dNGcxIN1yT18799bb_WuP0Yq_DSv5a-U");
 
         //key as cbor
@@ -35,7 +36,7 @@ public async Task TestFido2AssertionWithExistingU2fRegistrationWithAppId()
 
         var authResponse = new AuthenticatorAssertionRawResponse
         {
-            Id = keyHandleData,
+            Id = keyHandleB64Data,
             RawId = keyHandleData,
             Type = PublicKeyCredentialType.PublicKey,
             ClientExtensionResults = new AuthenticationExtensionsClientOutputs
diff --git a/Test/Fido2Tests.cs b/Test/Fido2Tests.cs
@@ -921,7 +921,7 @@ internal static async Task<VerifyAssertionResult> MakeAssertionResponseAsync(
         {
             Response = assertion,
             Type = PublicKeyCredentialType.PublicKey,
-            Id = [0xf1, 0xd0],
+            Id = "8dA",
             RawId = [0xf1, 0xd0],
         };
         IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) =>

Original file line number	Diff line number	Diff line change
`@@ -78,7 +78,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(`
`78`	`78`	`if (options.AllowCredentials != null && options.AllowCredentials.Any())`
`79`	`79`	`{`
`80`	`80`	`// might need to transform x.Id and raw.id as described in https://www.w3.org/TR/webauthn/#publickeycredential`
`81`		`- if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.Id)))`
	`81`	`+ if (!options.AllowCredentials.Any(x => x.Id.SequenceEqual(Raw.RawId)))`
`82`	`82`	`throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.CredentialIdNotInAllowedCredentials);`
`83`	`83`	`}`
`84`	`84`
`@@ -88,7 +88,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(`
`88`	`88`	`if (UserHandle.Length is 0)`
`89`	`89`	`throw new Fido2VerificationException(Fido2ErrorMessages.UserHandleIsEmpty);`
`90`	`90`
`91`		`- if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.Id, UserHandle), cancellationToken) is false)`
	`91`	`+ if (await isUserHandleOwnerOfCredId(new IsUserHandleOwnerOfCredentialIdParams(Raw.RawId, UserHandle), cancellationToken) is false)`
`92`	`92`	`{`
`93`	`93`	`throw new Fido2VerificationException(Fido2ErrorCode.InvalidAssertionResponse, Fido2ErrorMessages.UserHandleNotOwnerOfPublicKey);`
`94`	`94`	`}`
`@@ -177,7 +177,7 @@ public async Task<VerifyAssertionResult> VerifyAsync(`
`177`	`177`	`return new VerifyAssertionResult`
`178`	`178`	`{`
`179`	`179`	`Status = "ok",`
`180`		`- CredentialId = Raw.Id,`
	`180`	`+ CredentialId = Raw.RawId,`
`181`	`181`	`SignCount = authData.SignCount,`
`182`	`182`	`IsBackedUp = authData.IsBackedUp,`
`183`	`183`	`DevicePublicKey = devicePublicKeyResult,`
Original file line number	Diff line number	Diff line change
`@@ -1232,7 +1232,7 @@ public void TestAuthenticatorAssertionRawResponse()`
`1232`	`1232`	`{`
`1233`	`1233`	`Response = assertion,`
`1234`	`1234`	`Type = PublicKeyCredentialType.PublicKey,`
`1235`		`- Id = [0xf1, 0xd0],`
	`1235`	`+ Id = "8dA",`
`1236`	`1236`	`RawId = [0xf1, 0xd0],`
`1237`	`1237`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1238`	`1238`	`{`
`@@ -1258,7 +1258,7 @@ public void TestAuthenticatorAssertionRawResponse()`
`1258`	`1258`	`}`
`1259`	`1259`	`};`
`1260`	`1260`	`Assert.Equal(PublicKeyCredentialType.PublicKey, assertionResponse.Type);`
`1261`		`- Assert.Equal([0xf1, 0xd0], assertionResponse.Id);`
	`1261`	`+ Assert.Equal("8dA", assertionResponse.Id);`
`1262`	`1262`	`Assert.Equal([0xf1, 0xd0], assertionResponse.RawId);`
`1263`	`1263`	`Assert.Equal([0xf1, 0xd0], assertionResponse.Response.AuthenticatorData);`
`1264`	`1264`	`Assert.Equal([0xf1, 0xd0], assertionResponse.Response.Signature);`
`@@ -1308,7 +1308,7 @@ public async Task TestAuthenticatorAssertionTypeNotPublicKey()`
`1308`	`1308`	`{`
`1309`	`1309`	`Response = assertion,`
`1310`	`1310`	`Type = PublicKeyCredentialType.Invalid,`
`1311`		`- Id = [0xf1, 0xd0],`
	`1311`	`+ Id = "8dA",`
`1312`	`1312`	`RawId = [0xf1, 0xd0],`
`1313`	`1313`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1314`	`1314`	`{`
`@@ -1446,7 +1446,7 @@ public async Task TestAuthenticatorAssertionRawIdMissing()`
`1446`	`1446`	`{`
`1447`	`1447`	`Response = assertion,`
`1448`	`1448`	`Type = PublicKeyCredentialType.PublicKey,`
`1449`		`- Id = [0xf1, 0xd0],`
	`1449`	`+ Id = "8dA",`
`1450`	`1450`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1451`	`1451`	`{`
`1452`	`1452`	`AppID = false,`
`@@ -1514,7 +1514,7 @@ public async Task TestAuthenticatorAssertionUserHandleEmpty()`
`1514`	`1514`	`{`
`1515`	`1515`	`Response = assertion,`
`1516`	`1516`	`Type = PublicKeyCredentialType.PublicKey,`
`1517`		`- Id = [0xf1, 0xd0],`
	`1517`	`+ Id = "8dA",`
`1518`	`1518`	`RawId = [0xf1, 0xd0],`
`1519`	`1519`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1520`	`1520`	`{`
`@@ -1583,7 +1583,7 @@ public async Task TestAuthenticatorAssertionUserHandleNotOwnerOfPublicKey()`
`1583`	`1583`	`{`
`1584`	`1584`	`Response = assertion,`
`1585`	`1585`	`Type = PublicKeyCredentialType.PublicKey,`
`1586`		`- Id = [0xf1, 0xd0],`
	`1586`	`+ Id = "8dA",`
`1587`	`1587`	`RawId = [0xf1, 0xd0],`
`1588`	`1588`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1589`	`1589`	`{`
`@@ -1652,7 +1652,7 @@ public async Task TestAuthenticatorAssertionTypeNotWebAuthnGet()`
`1652`	`1652`	`{`
`1653`	`1653`	`Response = assertion,`
`1654`	`1654`	`Type = PublicKeyCredentialType.PublicKey,`
`1655`		`- Id = [0xf1, 0xd0],`
	`1655`	`+ Id = "8dA",`
`1656`	`1656`	`RawId = [0xf1, 0xd0],`
`1657`	`1657`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1658`	`1658`	`{`
`@@ -1723,7 +1723,7 @@ public async Task TestAuthenticatorAssertionAppId()`
`1723`	`1723`	`{`
`1724`	`1724`	`Response = assertion,`
`1725`	`1725`	`Type = PublicKeyCredentialType.PublicKey,`
`1726`		`- Id = [0xf1, 0xd0],`
	`1726`	`+ Id = "8dA",`
`1727`	`1727`	`RawId = [0xf1, 0xd0],`
`1728`	`1728`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1729`	`1729`	`{`
`@@ -1793,7 +1793,7 @@ public async Task TestAuthenticatorAssertionInvalidRpIdHash()`
`1793`	`1793`	`{`
`1794`	`1794`	`Response = assertion,`
`1795`	`1795`	`Type = PublicKeyCredentialType.PublicKey,`
`1796`		`- Id = [0xf1, 0xd0],`
	`1796`	`+ Id = "8dA",`
`1797`	`1797`	`RawId = [0xf1, 0xd0],`
`1798`	`1798`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`1799`	`1799`	`{`
`@@ -1864,7 +1864,7 @@ public async Task TestAuthenticatorAssertionUPRequirementNotMet()`
`1864`	`1864`	`{`
`1865`	`1865`	`Response = assertion,`
`1866`	`1866`	`Type = PublicKeyCredentialType.PublicKey,`
`1867`		`- Id = [0xf1, 0xd0],`
	`1867`	`+ Id = "8dA",`
`1868`	`1868`	`RawId = [0xf1, 0xd0],`
`1869`	`1869`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1870`	`1870`	`{`
`@@ -1934,7 +1934,7 @@ public async Task TestAuthenticatorAssertionUVPolicyNotMet()`
`1934`	`1934`	`{`
`1935`	`1935`	`Response = assertion,`
`1936`	`1936`	`Type = PublicKeyCredentialType.PublicKey,`
`1937`		`- Id = [0xf1, 0xd0],`
	`1937`	`+ Id = "8dA",`
`1938`	`1938`	`RawId = [0xf1, 0xd0],`
`1939`	`1939`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`1940`	`1940`	`{`
`@@ -2002,7 +2002,7 @@ public async Task TestAuthenticatorAssertionBEPolicyRequired()`
`2002`	`2002`	`{`
`2003`	`2003`	`Response = assertion,`
`2004`	`2004`	`Type = PublicKeyCredentialType.PublicKey,`
`2005`		`- Id = [0xf1, 0xd0],`
	`2005`	`+ Id = "8dA",`
`2006`	`2006`	`RawId = [0xf1, 0xd0],`
`2007`	`2007`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2008`	`2008`	`{`
`@@ -2071,7 +2071,7 @@ public async Task TestAuthenticatorAssertionBEPolicyDisallow()`
`2071`	`2071`	`{`
`2072`	`2072`	`Response = assertion,`
`2073`	`2073`	`Type = PublicKeyCredentialType.PublicKey,`
`2074`		`- Id = [0xf1, 0xd0],`
	`2074`	`+ Id = "8dA",`
`2075`	`2075`	`RawId = [0xf1, 0xd0],`
`2076`	`2076`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2077`	`2077`	`{`
`@@ -2140,7 +2140,7 @@ public async Task TestAuthenticatorAssertionBSPolicyRequired()`
`2140`	`2140`	`{`
`2141`	`2141`	`Response = assertion,`
`2142`	`2142`	`Type = PublicKeyCredentialType.PublicKey,`
`2143`		`- Id = [0xf1, 0xd0],`
	`2143`	`+ Id = "8dA",`
`2144`	`2144`	`RawId = [0xf1, 0xd0],`
`2145`	`2145`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2146`	`2146`	`{`
`@@ -2209,7 +2209,7 @@ public async Task TestAuthenticatorAssertionBSPolicyDisallow()`
`2209`	`2209`	`{`
`2210`	`2210`	`Response = assertion,`
`2211`	`2211`	`Type = PublicKeyCredentialType.PublicKey,`
`2212`		`- Id = [0xf1, 0xd0],`
	`2212`	`+ Id = "8dA",`
`2213`	`2213`	`RawId = [0xf1, 0xd0],`
`2214`	`2214`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs`
`2215`	`2215`	`{`
`@@ -2279,7 +2279,7 @@ public async Task TestAuthenticatorAssertionStoredPublicKeyMissing()`
`2279`	`2279`	`{`
`2280`	`2280`	`Response = assertion,`
`2281`	`2281`	`Type = PublicKeyCredentialType.PublicKey,`
`2282`		`- Id = [0xf1, 0xd0],`
	`2282`	`+ Id = "8dA",`
`2283`	`2283`	`RawId = [0xf1, 0xd0],`
`2284`	`2284`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2285`	`2285`	`{`
`@@ -2348,7 +2348,7 @@ public async Task TestAuthenticatorAssertionInvalidSignature()`
`2348`	`2348`	`{`
`2349`	`2349`	`Response = assertion,`
`2350`	`2350`	`Type = PublicKeyCredentialType.PublicKey,`
`2351`		`- Id = [0xf1, 0xd0],`
	`2351`	`+ Id = "8dA",`
`2352`	`2352`	`RawId = [0xf1, 0xd0],`
`2353`	`2353`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2354`	`2354`	`{`
`@@ -2424,7 +2424,7 @@ public async Task TestAuthenticatorAssertionSignCountSignature()`
`2424`	`2424`	`{`
`2425`	`2425`	`Response = assertion,`
`2426`	`2426`	`Type = PublicKeyCredentialType.PublicKey,`
`2427`		`- Id = [0xf1, 0xd0],`
	`2427`	`+ Id = "8dA",`
`2428`	`2428`	`RawId = [0xf1, 0xd0],`
`2429`	`2429`	`ClientExtensionResults = new AuthenticationExtensionsClientOutputs()`
`2430`	`2430`	`{`
Original file line number	Diff line number	Diff line change
`@@ -921,7 +921,7 @@ internal static async Task<VerifyAssertionResult> MakeAssertionResponseAsync(`
`921`	`921`	`{`
`922`	`922`	`Response = assertion,`
`923`	`923`	`Type = PublicKeyCredentialType.PublicKey,`
`924`		`- Id = [0xf1, 0xd0],`
	`924`	`+ Id = "8dA",`
`925`	`925`	`RawId = [0xf1, 0xd0],`
`926`	`926`	`};`
`927`	`927`	`IsUserHandleOwnerOfCredentialIdAsync callback = (args, cancellationToken) =>`